(12) INTERNATIONAL APPLICATION PUBLISHED UNDER THE PATENT COOPERATION TREATY (PCT )
`
`( 19) World Intellectual Property Organization
`International Bureau
`
`(43) loteroatiooal Publication Date
`15 November 2001 (15.11.2001)
`
`• 1111111111111111 IIIIII IIIII IIII I II 111111111111111111111111111111111111111111 IIII
`
`(10) International Publication Number
`WO 01/86599 A2
`
`PCT
`
`(SI) International Patent Classification 7:
`
`G07F 7/00
`
`(21) International Applica tion Number:
`
`PCT/[B0l/00809
`
`(22) International Filing Date :
`
`13 Aptil 2001 (13.04.2001)
`
`(25) Filing Language:
`
`(26) Publication Language:
`
`English
`
`English
`
`(30) Priority Da ta:
`60/197,775
`60/264,013
`
`14 Aptil 2000 (14.04.2000) US
`26 January 200 1 (26.01.2001) US
`
`(71) Applicant (for all designated States except US) : S UPER(cid:173)
`COM LTD. [II.JIL]; Halaas Street 25, New Tndusttial Area,
`44425 Kfar Saba (TL).
`
`(72) lnventors; and
`(75) Inventors/Applicants (for US only): LANDMAN, Avi
`[II.JIL]; 99 I lagdud l laivti Street, 26306 Kitiat I !aim (IL).
`ROZEN, Eli ITUIL); 38 Heleni Hamalka Street, 46768
`Herzliya Pituah (IL). HASSA N, Jacob [II.JIL]; 21 Shnat
`Hayovel Street, 45304 Hod Hasharon (TL).
`
`(74) Agent: BEN-DAVID, Yirmiyahu, M.; Jeremy M. Ben-
`David & Co. Ltd., P.O . Box 4508, Har Hotzvim Hi-Tech
`Park, 91450 Jerusalem (IL) .
`
`(81) Designated States (national): AE, AG, AL, AM, AT, AU,
`AZ, BA, BB, BG, BR, BY, BZ, CA, CH, CN, CR, CU, CZ,
`DE, DK, DM, DZ, ElEl, ES, Pl, GB, GD, GE, GH, GM, HR,
`HU, ID, IL, lN, IS, J P, KE, KG, KP, KR, KZ, LC, LK, LR,
`LS, LT, LU, LV, MA, MD, MG, MK, MN, MW, MX, MZ,
`NO, NZ, PL, PT, RO, RU, SD, SE, SG, ST, SK, SL, TJ, TM,
`TR, Tr, TZ, UA, UG, US, UZ, VN, YU, ZA, ZW.
`
`(84) Desig nat ed S tates (regional): ARIPO patent (GI-:1, GM,
`KE, I.S, MW, MZ, SD, SL, SZ, TZ, UG, ZW), Eurasian
`patent (AM, AZ, BY, KG, KZ, MD, RU, TJ, TM), European
`patent (AT, BE, CH, CY, DE, DK, ES, Fl, FR, GB, GR, CE,
`IT, LU, MC, NL, PT, SE, TR), OAPT patent (BF, BJ, CP,
`CG, Cl, CM, GA, GN, GW, ML, MR, NE, SN, TD, TG).
`
`Published:
`without international search report and lo be republished
`upon receipt of that report
`
`-------------------------------------------
`
`(54) Title: SMART COMMUNlCATIONS
`
`[Continued on ne.xl page]
`
`320
`
`Cellular
`P!lone
`
`310
`
`Cellular
`Modem
`305
`
`Process
`Cm\trol Unit
`)IS
`
`Activity
`IMiwor
`J2l
`
`, - - ----~,---
`
`-
`
`Optiooal
`""71 Contact1'man
`eudreadtr
`JSl
`
`Biometric.
`Unil
`365
`
`-iiiiii
`
`iiiiii --iiiiii -iiiiii --
`--iiiiii
`iiiiii ----
`
`Con1.1cdcu Tnnsmis,sioo
`and
`Rttcpt1on or dtta
`
`l
`
`0'.
`0'.
`tr)
`1,0
`...._
`Q0
`~ (57) Abstract: A method and apparatus for providing a wireless device wilh the ability to have secure e-commerce transactions
`utilizing a contactless sman card. Additionally, the method and apparatus provide for a wireless smart card transaction system which
`0 utilizes biomeltic identification methods. The system may incorporate at least one biometric input device, such as a fingerptint reader,
`:;_.. a camera or micro-camera for iris or face recognition, and/or a standard microphone for voice recogni tion or any other biometric
`j;,iil-- input device.
`
`Square Exhibit 1011
`Square, Inc. v. 4361423 Canada Inc.
`IPR2019-01630
`Page 00001
`
`

`

`WO 01/86599 A2
`
`1111111111111111 IIIIII 11111 1111111111 IIIII IIIII IIIII IIIII IIII 111111111111111 IIII
`
`For two-lei/er codes and other abbreviations, refer to the "Guid(cid:173)
`ance Notes on Codes and Abbreviations" appearing at 1he begin(cid:173)
`ning of each regular issue of the PCT Gazette.
`
`IPR2019-01630 Page 00002
`
`

`

`WO 0 1/86599
`
`PCT /IBO 1 /00809
`
`SMART COMMUNICATIONS
`
`This application claims the benefits ofUnited States Provisional Application Nos.
`
`60/197,775, filed April 14, 2000, and 60/264,013, filed January 26, 2001, which are co-
`
`5
`
`pending and are hereby incorporated by reference.
`
`BACKGROUND OF THE INVENTION
`
`1.
`
`Field of the Invention
`
`This invention relates to wireless communications, and more particularly, to a
`
`1 0
`
`system suitable to utilize smart card technology with a wireless communication device
`
`to provide authorization and security features for wireless communications and
`
`transactions.
`
`In addition, the present invention relates generally to the field of authentication
`
`of electronic transactions, and more particularly to a non-reputable digital signature that
`
`15
`
`allows authentication of the identity of a user/customer by comparison with an unique
`
`biological indicia.
`
`2.
`
`Description of the Related Technolo1n7
`
`Cellular phones are well known in the prior art. For example, U.S. Patent No.
`
`20
`
`5,867,795 shows a portable electronic device including a virtual image display positioned
`
`within a housing or remote unit. The device is capable of providing an image of
`
`information contained on a smart card as well as transactions processed in response to
`
`1
`
`IPR2019-01630 Page 00003
`
`

`

`WO 01/86599
`
`PCT /IBO 1 /00809
`
`data transmitted by a two-way voice transceiver between a host database and the portable
`
`electronic device. In addition, the above-referenced aptent shows a sensor constructed
`
`to have the smart card positioned adjacent thereto in data sensing juxtaposition and
`
`electronics connected to the sensor for processing data between the host database and the
`
`5
`
`portable electronic device, and for reading and writing data to the smart card.
`
`US Patent No. 5,821,983 shows a smart card, a non-passive, secure
`
`microprocessor-based data storage medium, is used for the storage of a plurality of data
`
`messages and is read by a video telephone terminal equipped with a smart card reader to
`
`provide transmission of a data message, comprising video image data, either in still frame
`
`10
`
`or full motion format, to a remote video telephone terminal. The use of the smart card
`
`for storage of a data message provides a secure, transportable message that is available
`
`for transmission from any video telephone terminal having smart card reading capability.
`
`Smart cards are non-passive data storage devices which comprise a
`
`microprocessor, memory and I/0 circuitry. Smart cards are generally used when a secure
`
`15
`
`and portable means to store data is desired. There are contactless smart cards which do
`
`not require physical contact to transfer data between the card and a card reader. There
`
`are also smart cards which have electrical contacts to facilitate such data transfer. Prior
`
`art U.S. Patent No. 4,480,178 describes a contactless smart card, and U.S. Patent No.
`
`5,120,939 describes the security which smart cards provide when used as data memory
`
`20
`
`devices.
`
`Electronic commerce is a widespread means of conducting business. The Internet
`
`and World Wide Web have created new avenues for conducting business. Electronic
`
`2
`
`IPR2019-01630 Page 00004
`
`

`

`WO 01/86599
`
`PCT /IBO 1 /00809
`
`business transactions present a number legal and financial problems. These electronic
`
`transactions create security concerns because the data is transmitted across public
`
`networks and can be intercepted. Encryption methods have been developed which allow
`
`data to be read only by the designated receiver. For example, public key encryption
`
`5
`
`allows a first user to send a message to a second user that is encrypted using the second
`
`user's public key. The second user's public key can be freely distributed to anyone the
`
`second user wishes to communicate with. The message can only be decrypted using the
`
`second user's private key. If the message is intercepted it cannot be decoded withoutthe
`
`second user's private key.
`
`10
`
`The identity of a party transmitting a message executing an electronic transaction
`
`is also of concern, particularly where one of the parties is obliged to perform in the future
`
`or is subject to some future liability. In such transactions it is necessary that the parties
`
`not be able to repudiate the agreement. Also, the identity of the parties must be clearly
`
`established so that each can be assured that the other party is in fact the person it
`
`15
`
`represents to be, and is able to perform. Further, the identity of the parties may need to
`
`be established with a high degree of certainty to support a legal claim, should one of the
`
`parties later attempt to avoid or repudiate the transaction.
`
`Digital signatures have been developed to provide a means for identifying a party
`
`transmitting an electronic message. One method for creating digital signatures is to
`
`20
`
`generate public and private key pairs for each of a group of parties that may wish to
`
`exchange digitally signed documents. Each of the parties stores its public decrypting keys
`
`in a registry along with identifying information, such as the key owner's name and e-mail
`
`3
`
`IPR2019-01630 Page 00005
`
`

`

`WO 01/86599
`
`PCT /IBO 1 /00809
`
`address. The key owners each keep their private encrypting keys secret.
`
`To create a digital signature a party encrypts a message with his private
`
`encrypting key that includes the same identifying information that is stored in the
`
`registry. The party receiving the encrypted message goes to the registry and retrieves the
`
`5
`
`sending party's public decrypting key and identifying information. The receiving party
`
`decrypts the message using the decrypting key from the registry and extracts the
`
`identifying information. If the identifying information found in the message matches the
`
`information stored in the registry then the receiving party concludes that the message is
`
`genuine. Further, there is some assurance that the sending party will not deny that he sent
`
`10
`
`the message since only the sending party's private encrypting key can create a message
`
`that the sending party's public decrypting key can decode.
`
`Known digital signature techniques suffer from certain problems. A third party
`
`may intercept a signed message and use the signed message to spoof another party. By
`
`retransmitting the signed message, the interceptor may be able to convince a recipient
`
`15
`
`that he is the true sender. This is the so-called "man-in-the-middle" attack.
`
`In addition, known digital signatures are subject to repudiation. A party may no
`
`longer wish to be bound by a disadvantageous agreement or may be subject to criminal
`
`or civil liability if he made the agreement. That party may simply deny sending a
`
`particular message. The party may claim that he did not intend to execute a transaction
`
`20
`
`with a particular party but was instead the victim of a man-in-the-middle attack.
`
`With known digital signature techniques, the only information connecting the
`
`sender with the message is the database entry in the registry containing his public
`
`decrypting key and the identifying information. Thus, the sender may repudiate a
`
`IPR2019-01630 Page 00006
`
`

`

`WO 01/86599
`
`PCT /IBO 1 /00809
`
`transaction by claiming that his public decrypting key was registered without his
`
`authority.
`
`SUMMARY OF THE INVENTION
`
`An object of the invention is to provide a wireless device with the ability to have
`
`5
`
`secure e-commerce transactions utilizing a contactless smart card. It is a further object
`
`of the present invention to provide a wireless smart card transaction system which utilizes
`
`biometric identification methods. The system may incorporate at least one biometric
`
`input device, such as a fingerprint reader, a camera or micro-camera for iris or face
`
`recognition, standard microphone for voice recognition or any other biometric input
`
`10
`
`device.
`
`Another object of the invention to is to capture the biometric data of a person
`
`using the device/module. Once the biometric data has been captured, another object of
`
`the invention is to encrypt the biometric data and transmit it to a remote host or server for
`
`authorization. Alternatively, the device/module may perform a local authorization of the
`
`15
`
`biometric data. After the device/module has performed the local authorization, the device
`
`may transmit an encrypted authorization message to a host or service supplier. If either
`
`authorization method fails to approve of a user, the device may deny the user services.
`
`Another object of the invention is to provide a financial information and
`
`transaction system which utilizes wireless communications. In this system, a device is
`
`20
`
`connected to a financial institution via a wireless connection. Smart cards are utilized to
`
`verify authorization for communications and transactions, thereby minimizing potential
`
`security problems which could otherwise result from use of a wireless device.
`
`Alternatively, a smart card is advantageously utilized not only for authorization, but also
`
`5
`
`IPR2019-01630 Page 00007
`
`

`

`WO 01/86599
`
`PCT /IBO 1 /00809
`
`to maintain a secure record of available funds. The system not only provides the
`
`functionality of an ATM network, but also provides non-financial services, thereby
`
`forming an integrated system.
`
`In another embodiment, a wireless communication device may be comprised of
`
`• 5
`
`a communications interface and a contactless smart card interface, such as a contactless
`
`reader/writer, connected to the communications interface. The communications interface
`
`may include a controller, transmission/reception subsystem, and/or user interface. The
`
`controller may be a microprocessor and the user interface u:iay include a microphone,
`
`speaker, key pad/board, micro-camera, display screen, touch screen or any other
`
`10
`
`input/output device.
`
`An object of the invention is to provide a module to upgrade existing wireless
`
`devices to include a smart card reader/writer, in particular a contactless smart card
`
`reader/writer, in order to communicate with contactless cards.
`
`It is a further object of the invention to provide a smart card transaction system
`
`15
`
`which is integrated with wireless communication devices, including personal digital
`
`assistants (PDAs), cellular phones, PCS systems, pagers, etc. The format of the wireless
`
`communication is not a limitation to the system. It is a further object of the invention to
`
`provide smart card based transactions and token redemption systems. It is a further
`
`object of the invention to provide enhanced security to such systems through biometric
`
`20
`
`authentication processes and apparatus. It is a further object of the invention to provide
`
`a transaction system integrated with a wireless communication system utilizing either
`
`contact based or contactless smart card technologies.
`
`According to an advantageous feature of the invention, a wireless communication
`
`6
`
`IPR2019-01630 Page 00008
`
`

`

`WO 01/86599
`
`PCT /IBO 1 /00809
`
`device such as a cellular phone may be utilized to access a communication network. A
`
`transaction may be conducted over the communication network, and a token or other
`
`indicia of value may be transmitted to the wireless communication device. The wireless
`
`communication device may then download the token, or other indicia of value, or other
`
`5
`
`information to a smart card via integrated or add-on contact based or contactless smart
`
`card interfaces ( such as a reader/writer). The transaction system may include one-to-one
`
`security/authentication features or one-to-many security/authentication features, when
`
`involving a remote host computer database storage.
`
`In another embodiment, a module may include a contact smart card reader. The
`
`10
`
`module may be used with contact smart cards, contactless smart cards, or both.
`
`These, together with other objects and advantages which will be subsequently
`
`apparent, reside in the details of construction and operation as more fully hereinafter
`
`described in the claims, with reference to the accompanying drawings forming a part
`
`thereof, wherein like numerals refer to like elements throughout.
`
`15
`
`The present invention is directed to methods and apparatus for storing a digital
`
`signature, analzing a "live" signature and comparing the two to provide positive user
`
`authentication and non-repudiation. It is an object of the present invention to store a
`
`unique characteristic of the sender, such as biological indicia that can only have come
`
`from the user. In a perferred embodiment, a digital signature is stored in the memory of
`
`20
`
`a bioauthentication smart card for comparison to a "live" signature.
`
`Another object of the present invention is to store a digital signature that allows
`
`positive identification of the sender which cannot be repudiated.
`
`Another object of the present invention is to analyze a stored digital signature
`
`7
`
`IPR2019-01630 Page 00009
`
`

`

`WO 01/86599
`
`PCT /IBO 1 /00809
`
`with a real time signature applied to a smart card.
`
`Another object of the present invention is to provide a method for positively
`
`identifying a user during an electronic transaction with a biologically-based digital
`
`indicia.
`
`5
`
`The present invention is directed to methods and apparatus for creating and
`
`storing a digital for use in electronic commerce. The person requesting the electronic
`
`transaction
`
`digital certificate such that the digital certificate provides positive identification of the
`
`1 O
`
`sender and minimizes the ability of the sender to repudiate the authenticity of the
`
`certificate and any transaction embodied in an electronic document appended to the
`
`certificate.
`
`According to an aspect of the present invention, a person, hereinafter called a
`
`user, wishing to obtain a bioauthentication smart card visits a local bank or service center
`
`15
`
`and enters a data corresponding to a biological or physical characteristic of himself, for
`
`example, his signature into a smart card. Preferably, the data is entered in digital form,
`
`but could be entered by optical imaging ( e.g. a photograph or a scanned fingerprint, iris,
`
`or retina) which is then processed into digital form. The digital representation of the
`
`registrant's biological indicia is encrypted using the registrant's private key and sent to
`
`20
`
`the certificate authority along with the registrant's public key. The certificate authority
`
`decrypts the digital representation and stores it. The registrant then visits a remote
`
`registration terminal in person with the digital representation and other identifying
`
`documents. The operator of the remote registration terminal verifies the identity of the
`
`8
`
`IPR2019-01630 Page 00010
`
`

`

`WO 01/86599
`
`PCT /IBO 1 /00809
`
`registrant from the identifying documents and transmits the digitized representation to
`
`the certificate authority. The certificate authority compares the decrypted digital
`
`representation with the representation sent from the remote registration terminal. If a
`
`match is found, the certificate authority forms a certificate by signing the digital signature
`
`5
`
`using the certificate authority's encrypting key. The certificate is stored in a database and
`
`is sent to the registrant. Preferably, the database is public with no restriction as to who
`
`may access the stored certificate data. Alternatively, access to the database may be
`
`restricted to, for example, employees of a particular corporation or government
`
`department, database subscribers, or members of a stock exchange.
`
`10
`
`According to another aspect of the present invention, the registrant transmits a
`
`digital message including the certificate described above. The digital message is then
`
`encrypted with the registrant's private encrypting key. The party receiving the encrypted
`
`message decrypts the message using the registrant's public decrypting key. The receiving
`
`party inspects the message to verify that the appended certificate is valid and that the
`
`15
`
`certificate was prepared by a reputable certificate authority by comparing the certificate
`
`with the information stored in the database. The reputation of the certificate authority
`
`provides some assurance that the message is genuine and that the sender will not later
`
`repudiate the message because his signature and identifying information are part of the
`
`certificate stored in the public database.
`
`20
`
`If additional assurance that the registrant actually transmitted the message is
`
`desired, the receiving party can transmit the certificate to the certificate authority and
`
`request that the certificate be decrypted to extract the digitized representation. The digital
`
`representation is then compared with the digital representation originally submitted by
`
`9
`
`IPR2019-01630 Page 00011
`
`

`

`WO 01/86599
`
`PCT /IBO 1 /00809
`
`the registrant. If even greater assurance is required, for example, where the registrant later
`
`attempts to repudiate the message, the digital representation can be compared with
`
`biological indicia of the registrant from which the digital signature was originally formed.
`
`5
`
`BRIEF DESCRIPTION OF THE DRAWINGS
`
`FIG.1
`
`shows an embodiment of the invention;
`
`FIG.2
`
`shows another embodiment of the invention;
`
`FIG.3
`
`shows another embodiment of the invention;
`
`10
`
`FIG.4
`
`FIG. 5
`
`shows an embodiment of the invention;
`
`shows another embodiment of the invention;
`
`FIG. 6
`
`shows another embodiment of the invention.
`
`DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENT
`
`The smart card market is a rapidly growing market. Smart cards are usually
`
`15
`
`divided into two categories: standard smart cards and contactless smart cards. A smart
`
`card is a plastic card, having the size of a regular bank or credit card, that contains a
`
`semiconductor chip. The International Standards Organization (ISO) specifies the size
`
`and thickness of both credit cards and smart cards. The basic contact smart card standard
`
`is the ISO 7816 series, part 1-10, while con tactless cards will be governed by the ISO
`
`20
`
`14443 standard. The invention is not limited to systems that implement these standards.
`
`The chip in a contactless smart card can store large quantities of information. The card
`
`may also contain a microprocessor, which can process data, turning the smart card into
`
`a small computer. The smart card is activated by placing the card in a terminal that can
`
`10
`
`IPR2019-01630 Page 00012
`
`

`

`WO 01/86599
`
`PCT /IBO 1 /00809
`
`read and write data to/from the card. Standard smart cards must be physically contacted
`
`by the terminal for data to be read or written. Contactless smart cards, however, can be
`
`accessed without physical contact. Instead, data can be exchanged via radio frequency
`
`technology, which is usually 13.56 Ivlliz. To make this possible, a contactless smart card
`
`5
`
`must contain not only a memory and/or a PCU unit but also a transmitter/receiver unit
`
`which modulates/demodulates the data and an antenna connected to the chip to
`
`transmit/receive the data. The invention is not limited to systems that use the radio
`
`frequency bands. The system may use other commumication frequency bands.
`
`Wireless communication devices, such as cellular phones and PD As, are common
`
`10
`
`portable communications devices. There is a need to provide smart card transaction
`
`capabilities in these portable devices and to upgrade these wireless communications
`
`devices to accommodate smart card transactions. In an embodiment of the invention, a
`
`smart card reader/writer module may be provided as an attachment to a standard wireless
`
`device. The module may operate at 13.56 MHz high-frequency standard. The module
`
`15
`
`may be appropriately sized to ergonomically match a host wireless device. For example,
`
`the module may be approximately 5 cm long, 2-4 cm wide, 4 cm high. The module may
`
`be connected to device 220, as shown in FIG. 2, via an interface connector such those
`
`used for connecting to regular data modems. In an alternative embodiment, module 210,
`
`as shown in FIG. 2, may be integrated into the battery of device 220. In another
`
`20
`
`alternative embodiment, the module may be incorporated into the wireless device 220.
`
`As shown in FIGS.2 and 3, module 210 may be a separate add-on device for
`
`connecting to a wireless communication device 220. Module 210 may be connected to
`
`communication device 220 through an external connector and may receive power from
`
`11
`
`IPR2019-01630 Page 00013
`
`

`

`WO 01/86599
`
`PCT /IBO 1 /00809
`
`a battery (not shown) in communication device 220. In an alternative embodiment, a
`
`power supply (not shown) may be included in module 210. The module power supply
`
`may also be used as a reserve power supply for communication device 220.
`
`A user may request to receive a biometric authorization smart card from a service
`
`5
`
`center or bank. In a preferred embodiment, the user may visit the service center or bank
`
`to initialize the smart card. The user may be required to present at least one form of
`
`identification (e.g., driver's license, passport, birth certificate) to the service provider or
`
`bank before receiving the smart card. As shown in FIG. 1, the biometric authorization
`
`smart card (105) may have a signature scratch pad (110) on the back oftbe card, which
`
`10
`
`the user may initialize by signing the scratch pad X number of times. For example, the
`
`user may be requred to sign the scratch pad three times in front of the bank officer. Once
`
`the signature has been applied to the back of the smart card, the signature will be stored
`
`in a digital form on a microchip in the card. This has the advantage of eliminating the
`
`need for a remote storage center for the biometric information of the user.
`
`15
`
`With today's advancing technology, there is a growing concern over the
`
`collection of personal information such as biometric information for databases, which can
`
`be sold to other companies or the government without an individual's knowledge. The
`
`growing concern over Big Brother has provided a need for the invention shown herein,
`
`where the biometric information is stored in the card and the individual is always in
`
`20
`
`possession of that card. This embodiment elimates the concerns regading the collection
`
`of personal biometric infom1ation for a centralized database.
`
`After a user has obtained and intialized a biometric authorization smart card, the
`
`user or card holder may purchase goods or services using any type of communication
`
`12
`
`IPR2019-01630 Page 00014
`
`

`

`WO 01/86599
`
`PCT /IBO 1 /00809
`
`device. A communcations device may be a landline telephone, a wireless device, or a
`
`computer capable of exchanging data with another communications device. Figure 6
`
`shows a flow chart of a method of using the biometric smart card. A card holder may
`
`establish a communication link via a wireless personal device with another party or
`
`5
`
`service provider (605). It should be noted that any type of communication device may
`
`be used to establish a communication link with another party. This may include landline
`
`telephones, wireless communication devices, and computer related communication
`
`devices, so long as the communication device is equipped to read the biometric
`
`authorization smart card.
`
`10
`
`Once the card holder has established communications with a service provider, the
`
`card holder will select an action to be taken with the service provider, such as the
`
`purchase of goods and services (610). After a user pas decided initiate a purchase, the
`
`card holder may select a form or method of payment ( 615). The method of payment may
`
`be integrated into the biometric card or separate from the biometric card. For example,
`
`15
`
`the scratch pad may be associated with a bank credit card which may only be used when
`
`the correct signature is applied to the scratch pad at the time of purchase.
`
`In an alternative embodiment, the card may be used as a biometric authorization
`
`system for different accounts that have been established with different service providers.
`
`The card holder may be requested to sign his/her name with an inkless pen or stylus on
`
`20
`
`the electronic scratch pad of the smart card (620). The scratch pad may be electrically
`
`connected to a smart card chip integrated within the biometric authorization smart card
`
`(625). This may also be seen in FIG. 6.
`
`The smart card chip may read and analyze the data from the pressure-sensitive
`
`13
`
`IPR2019-01630 Page 00015
`
`

`

`WO 01/86599
`
`PCT /IBO 1 /00809
`
`area (i.e., the scratch pad) (630). The smart chip may perform a comparison between the
`
`signature stored in the smart chip and a "live" signature to provide positive user
`
`authentication and non-repudiation .. For security, the signature pattern stored in the
`
`smart chip will be encrypted in the chip's memory. The smart chip internally performs
`
`5
`
`a comparison between the stored signature and the "live" signature of the card holder
`
`received from the scratch pad (635).
`
`A threshold level may be set to determine the accuracy of the "match" between
`
`the stored signature and the "live" signature. If the comparison yields a result above a
`
`pre-defined threshold, the chip may enabled the transaction by transmitting a signal to
`
`10
`
`the vendor. The signal may be as simple as a yes or no response. Alternatively, the
`
`signal may be an encrypted form of the signature. Then the card holder will be able to
`
`complete the transaction. If the comparison fails to yield a match, the card holder may
`
`not be able to complete the transaction.
`
`In an embodiment of the invention, when the comparison fails, a user may either
`
`15
`
`repeat the signature and authentication process or give an alternative identification such
`
`as a PIN (using the communications device) or any other method, in order to complete
`
`the transaction.
`
`Device 320 may communicate with module 310 via a modem 305. The module
`
`may be controlled by central processor unit (PCU) 315, which may be connected to
`
`20
`
`modem 305. PCU 315 may control activity indicators 325 such as transmission/reception
`
`activity and on/off status. In addition, PCU 315 may control a display (not shown),
`
`which may be located in module 310, in device 320 or both. In another embodiment,
`
`module 310 may share a PCU 315 located in device 320.
`
`14
`
`IPR2019-01630 Page 00016
`
`

`

`WO 01/86599
`
`PCT /IBO 1 /00809
`
`Module 310 may also be equipped with encryption/decryption unit 335, which
`
`may be controlled by the PCU 315. The encryption/decryption unit 335 is used to
`
`prevent a third party from intercepting the data transferred to and from the contactless
`
`card. The information exchanged between the smart card and the module/device may be
`
`5
`
`encrypted according to various well-documented methods. In one embodiment, the card
`
`may authenticate the card reader/writer by generating a random number and sending it
`
`to the reader/writer. The reader/writer has to encrypt the random challenge (number)
`
`with a shared encryption key and return the result to the card. The card then compares
`
`the returned result with its own encryption before agreeing to communicate with the
`
`1 0
`
`reader/writer. Conversely, the card reader/writer may also authenticate the card's identity
`
`by sending a random challenge (number) to the card. The card is then required to sign
`
`the number with its own private key, which is part of a private key/public key pair, and
`
`return it to the reader/writer for verification.
`
`Furthermore, module 310 may include a radio frequency (RF) unit 345 connected
`
`15
`
`to PCU 335. RF unit 345 may include: (I) a down converter coupled to a low noise
`
`amplifier for converting received RF signal waveforms to intermediate frequency (IF)
`
`waveforms; (2) an up converter coupled to a high power amplifier for converting
`
`modulated analog waveforms from an IF to an RF for amplification and transmission to
`
`the antenna; (3) a first analog to digital converter having an input connected to the down
`
`20
`
`converter, for converting the analog IF waveform to a series of digital samples; and/or
`
`( 4) a first digital to analog converter connected to the up converter for converting
`
`modulated digital samples from the processor board. to an IF frequency.
`
`The RF section/unit 345 may also be coupled to reader/writer antenna 375. A
`
`15
`
`IPR2019-01630 Page 00017
`
`

`

`WO 01/86599
`
`PCT /IBO 1 /00809
`
`variety of reader/writer antermas may be used which allow reading and writing distances
`
`up to 100mm, but usually between 0-30mm. Reader/writer antenna 375 should not
`
`interfere with the functionality of the device 320. The contactless reader/writer may be
`
`provided by companies such as Baltech AG or Tamura Hinchley Ltd.
`
`5
`
`In an alternative embodiment, the module 10 may be incorporated into the
`
`wireless device as shown in FIG. 4. The wireless device may be controlled by the PCU
`
`415, which may control activity indicators 425, such as transmissi